Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
What do the different permissions mean? I can't find an explanation of this in the document here http://www.logrus.com/nodequeue/readme.txt
What does 'manipulate queues' allow?
How is this different from adding a role to a single queue on the queue edit page?
What does 'Check each role that can add nodes to the queue.' mean -- the readme implies this allows removal of a node from the queue too.
Comment | File | Size | Author |
---|---|---|---|
#9 | 213074-permissions_are_confusing-D6.patch | 2.99 KB | amateescu |
#9 | 213074-permissions_are_confusing.patch | 4.16 KB | amateescu |
Comments
Comment #1
catchI just spent about 20 minutes trying to work out permissions weirdness, so bumping version and status - be nice to get this fixed up before a final release.
So - if you set the add/remove link in a nodequeue to a role via the checkbox, it only shows up if the user has "manipulate queues" permission. Although I haven't yet checked all variations. This is what I thought would happen:
1. any role where the checkbox is checked gets the links if set
2. any role with "manipulate all queues" permission gets the tabs, and the links if checked for their role
3. "manipulate queues" ??? probably access to tabs but to be honest I completely ignored it when initially setting up the module, and didn't think to look back there before I thought the checkboxes would work.
This is what I think actually happens so far, although it's probably still slightly wrong
1. Any role with manipulate queues gets the links and tab if they have the checkbox checked
2. The checkbox has no effect at all if a role doesn't have 'manipulate queues' permission (this is what confused me)
2. manipulate all queues gets all tabs, and links whatever happens
Ideally:
1. checkbox-per-role gives you access to the links
2. checkbox per role gives you access to the tabs - probably this would be set in the same place as the links permissions - on the nodequeue edit page
3. manipulate all queues/administer queues gives you everything all the time
4. 'manipulate queues' disappears because the above behaviour makes it redundant.
Comment #2
merlinofchaos CreditAttribution: merlinofchaos commented'manipulate queues' exists as a performance saver.
If a role doesn't have manipulate queues, then the query for the tab doesn't need to be run.
Comment #3
joachim CreditAttribution: joachim commentedAh... that makes sense :)
I don't see a way to make the names clearer, unfortunately.
What I'd suggest though is:
On the edit page for a queue:
- list only the roles that have 'manipulate queues'. This would give the admin user some feedback that 'manipulate queues' permission actually does something
- add some help text saying 'Only roles with 'manipulate queues' can be chosen here'.
Could you add a docs page to the handbooks on drupal.org for this module please, rather than a link to a readme elsewhere?
PS. And what about 'Check each role that can add nodes to the queue.'?
Comment #4
ezra-g CreditAttribution: ezra-g commentedI am marking #264415: Role selection for nodequeue manipulation ignores "manipulate all queues" permission as a duplicate of this, since it describes a solution to this problem;
Quoting dww:
Earl/Merlinofchaos supported B. Please see #2 in the above mentioned issue for my thoughts on making this interface change account for Smartqueue modular access control
Comment #5
ezra-g CreditAttribution: ezra-g commentedSorry about the mail spam...
Comment #6
ezra-g CreditAttribution: ezra-g commentedComment #7
willmoy CreditAttribution: willmoy commentedI came intending to submit #4 above as a bug... sub. I don't think it can count as critical after all this time, though.
Comment #8
amateescu CreditAttribution: amateescu commentedClosed #1009478: "No roles" and "manipulate all queues" as a duplicate.
A good suggestion from that issue is to make the 'No roles have...' text more proeminent.
Comment #9
amateescu CreditAttribution: amateescu commentedAttaching patches that implement option B) from #4.
Comment #10
amateescu CreditAttribution: amateescu commentedCommited to 6.x and 7.x.
http://drupalcode.org/project/nodequeue.git/commit/294a050
http://drupalcode.org/project/nodequeue.git/commit/aee1a3e